CVE-2019-7550

In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a…

mitre·CWE-209·Published 2019-02-12

CVSS

—

EPSS

0.02

KEV

Exploits

cve.orgen

294 chars

In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued.

NVDen

294 chars

NVDes

304 chars

En JForum 2.1.8, un atacante remoto no autenticado puede enumerar si un usuario existe mediante la función "create user". Si una petición register/check/username?username= se corresponde con un nombre de usuario existente, se produce un error "is already in use". NOTA: este producto se ha descontinuado.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.0	Primary	NVD	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N